‼ CVE-2021-45348 ‼
via "National Vulnerability Database".
An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).
🕴 8 of the Biggest Cybersecurity M&As & Investment Deals in 2021 🕴
via "Dark Reading".
There were more financial deals in cybersecurity last year than in any previous year.
🕴 San Francisco 49ers Hit With a Ransomware Attack 🕴
via "Dark Reading".
AP report says NFL team organization acknowledged a "network security incident" that affected its corporate IT network.
⚠ Adobe fixes zero-day exploit in e-commerce code: update now! ⚠
via "Naked Security".
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
‼ CVE-2022-23638 ‼
via "National Vulnerability Database".
svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
‼ CVE-2021-46463 ‼
via "National Vulnerability Database".
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
‼ CVE-2022-23336 ‼
via "National Vulnerability Database".
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
‼ CVE-2021-46461 ‼
via "National Vulnerability Database".
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
‼ CVE-2022-0583 ‼
via "National Vulnerability Database".
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
‼ CVE-2022-23389 ‼
via "National Vulnerability Database".
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
‼ CVE-2022-23902 ‼
via "National Vulnerability Database".
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
‼ CVE-2022-23410 ‼
via "National Vulnerability Database".
AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
‼ CVE-2022-23992 ‼
via "National Vulnerability Database".
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.
‼ CVE-2022-24206 ‼
via "National Vulnerability Database".
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
‼ CVE-2022-24704 ‼
via "National Vulnerability Database".
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered.
‼ CVE-2022-23391 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box.
‼ CVE-2021-45005 ‼
via "National Vulnerability Database".
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.
‼ CVE-2022-23390 ‼
via "National Vulnerability Database".
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.
‼ CVE-2022-23335 ‼
via "National Vulnerability Database".
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
‼ CVE-2022-23337 ‼
via "National Vulnerability Database".
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
‼ CVE-2022-23637 ‼
via "National Vulnerability Database".
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.